
Introduction To ASN1 PDF

This document provides an introduction to ASN.1, which is a formal notation used to describe data types for exchanging information between heterogeneous systems. ASN.1 specifies encoding and decoding rules and is used in various fields including telecommunications, networking, security, and more. It consists of a notation syntax to define data types along with standard transfer syntaxes to encode and decode data according to the ASN.1 specification.

Uploaded by

lmaraujo67

http://www.powerasn.com
Introduction to ASN.1
Simple and structured types
Basic concepts
Version 1.1.2

Presentation
Problem:
Heterogeneous systems
Multiple programming languages
How to exchange information?
Abstract Syntax Notation 1

ASN.1 is everywhere
ASN.1 is:
A formal notation to describe data types
A specification of encoding / decoding rules
It is used in many fields, such as:
Aeronautics: ATN
Telecommunications: VoIP, MAP
Network protocols: SNMP
Security: cryptography, digital signature

ASN.1 processes
[Figure: ASN.1 specification; compilation (language-specific projection); ASN.1 objects source code; encoding rules; decoding rules; sample encoded octets: 30 80 02 02 A0 41 30 00 00 00]

ASN.1 components
A notation syntax used to represent constrained data types: this syntax is abstract as it is not linked with a particular transfer syntax (encoding / decoding processes)
Standard transfer syntaxes:
BER: Basic Encoding Rules
CER: Canonical Encoding Rules
DER: Distinguished Encoding Rules
PER: Packed Encoding Rules
XER (B-XER, C-XER, E-XER): XML Encoding Rules
Transfer syntaxes: octet-based, bit-based

Simple types
INTEGER
REAL
ENUMERATED
BOOLEAN
OCTET STRING, BIT STRING
String types (NumericString, VisibleString, ...)
UTCTime
GeneralizedTime
RELATIVE IDENTIFIER
OBJECT IDENTIFIER
NULL (no associated value)

Identifiers
RELATIVE IDENTIFIER
OBJECT IDENTIFIER
Identifier ::= NumericValue
::= NumericValue Id
Id ::= "." Identifier
Example: 2.5.29.15 (certificate key usage)

Structured types
Placeholders for inner ASN.1 elements
SEQUENCE: ordered
SET: unordered
SEQUENCE OF, SET OF: collections
EMBEDDED PDV, ...

Structured types elements
Inner ASN.1 elements can be declared:
Mandatory: must be initialized
OPTIONAL: may be left uninitialized
With a DEFAULT value: this value is used if the element is not initialized
OPTIONAL and DEFAULT are mutually exclusive
These declarations, together with a transfer syntax, determine whether the encoding (or decoding) process succeeds or fails

Transparent types
CHOICE: alternative
    Defined set of possible (tagged) elements
    Each element must be uniquely identified
    This identification is linked with encodings
OpenType: formerly ANY
    Blob type
Do not appear in encodings

Types constraints
Basic types (examples):
INTEGER: minimum / maximum values
REAL: minimum / maximum values
String types: character restrictions, length, regular expression match
ENUMERATED: list of accepted (significant) values
Time (UTC, Generalized): time validity
IDENTIFIER: positive integer values with restrictions
Collections:
Minimum / maximum size
Element types (inner elements must belong to the same type)

Simple types derived types examples
    Version ::= INTEGER
    Name ::= UTF8String (SIZE(1..50))
    -- Not empty and cannot exceed 50 characters
    Gender ::= ENUMERATED {
        male,
        female
    }

Values assignments
General format:
    instance Type ::= Value
    instance ::= <tag>Value</tag>    -- XML format
Examples:
    Int ::= INTEGER
    my-Value Int ::= 3
    bool-Instance BOOLEAN ::= TRUE

SEQUENCE derived type example
    Individual ::= SEQUENCE {
        first UTF8String,
        last UTF8String,
        age INTEGER (0..MAX) OPTIONAL,
        gender Gender DEFAULT female
    }
    myself Individual ::= { -- 'age' is not mandatory
        first "foo", last "bar", gender male
    }

SET OF derived type example
    Individuals ::= SET OF Individual
    myIndividuals Individuals ::= {
        {first "Paul", last "Smith", age 24, gender male},
        {first "John", last "Smith", age 30, gender male},
        {first "Pamela", last "Smith"}
        -- gender DEFAULT value applies if not mentioned
    }

CHOICE derived type example
    Time ::= CHOICE {
        utc UTCTime,
        general GeneralizedTime
    }
    myTime Time ::= utc : "0612242359Z"
Only one inner ASN.1 element is encoded

Generic linked list example 1
    LinkedList1 ::= SEQUENCE {
        value OpenType,
        next NextElement
    }
    NextElement ::= CHOICE {
        other LinkedList1,
        noElement NULL
    }
Example of 4 values: Value 1 -> Value 2 -> Value 3 -> Value 4 -> NULL

Generic linked list example 2
    LinkedList2 ::= SEQUENCE {
        value OpenType,
        next LinkedList2 OPTIONAL
    }
Example of 4 values: Value 1 -> Value 2 -> Value 3 -> Value 4

Generic linked list example 3
    LinkedList3 ::= SEQUENCE OF OpenType
Value 1, Value 2, ..., Value n

Specs evolution: types substitution
Replace any non-OpenType element with a CHOICE:
    -- original definition
    MyValue ::= INTEGER
    -- evolved definition
    MyValue ::= CHOICE {
        val1 INTEGER,
        val2 REAL
    }

Specs evolution: extensibility
Use of ellipsis within SEQUENCE (OF) and ENUMERATED types and types constraints (ASN.1 97 specifications)
Example:
    Individual ::= SEQUENCE {
        first UTF8String,
        last UTF8String,
        age INTEGER (0..MAX) OPTIONAL,
        gender Gender DEFAULT female,
        ...
    }

First specification extension
    Individual ::= SEQUENCE {
        first UTF8String,
        last UTF8String,
        age INTEGER (0..MAX) OPTIONAL,
        gender Gender DEFAULT female,
        ...,
        [[2: address UTF8String,
             town UTF8String]]
    }
The version number "2:" can be omitted: it refers to version 2 extra components

Next specification extension
    Individual ::= SEQUENCE {
        first UTF8String,
        last UTF8String,
        age INTEGER (0..MAX) OPTIONAL,
        gender Gender DEFAULT female,
        ...,
        [[2: address UTF8String,
             town UTF8String]],
        [[3: email GeneralString]]
    }

Comments on extensibility
Opening and closing double square brackets are used to group extensions together
An optional version number can be mentioned
Double square brackets are not mandatory:
    [[2: address UTF8String,
         town UTF8String]],
    email GeneralString

Module description
    ModuleName DEFINITIONS
    IMPLICIT TAGS
    -- Module header section
    ::=
    BEGIN
        -- IMPORTS section;
        -- EXPORTS section;
        -- Derived types declarations section
    END

CHOICE invalid definition 1
    Invalid1 ::= CHOICE {
        str1 PrintableString,
        str2 PrintableString
    }
Why is this definition incorrect?

CHOICE invalid definition 1 (continued)
    Invalid1 ::= CHOICE {
        str1 PrintableString,
        str2 PrintableString
    }
Two elements of the same type: decoding ambiguity

CHOICE invalid definition 2
    Invalid2 ::= CHOICE {
        blob OpenType,
        octets OCTET STRING
    }
Why is this definition incorrect?

CHOICE invalid definition 2 (continued)
    Invalid2 ::= CHOICE {
        blob OpenType,
        octets OCTET STRING
    }
OpenType can hold an OCTET STRING: similar to previous case

Basic ASN.1 notation limits
    TwoInt ::= SEQUENCE {
        val1 INTEGER OPTIONAL,
        val2 INTEGER OPTIONAL
    }
Why is this description incorrect?

Basic ASN.1 notation limits (continued)
    TwoInt ::= SEQUENCE {
        val1 INTEGER OPTIONAL,
        val2 INTEGER OPTIONAL
    }
What happens if only one INTEGER is initialized?
Decoding ambiguity: val1 or val2 received?

Basic ASN.1 notation limits (end)
    OtherAmbiguous ::= SEQUENCE {
        val1 INTEGER { v1(1) } DEFAULT v1,
        val2 INTEGER OPTIONAL
    }
Same problem if the applied transfer syntax does not encode non-initialized DEFAULT-valued elements
Decoding ambiguity if a single INTEGER is encoded

Non-ambiguous declaration
Use tags!
    Unambiguous ::= SEQUENCE {
        val1 [0] INTEGER OPTIONAL,
        val2 INTEGER OPTIONAL
    }
Refer to ASN.1 tagging presentation
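
The decoding ambiguity of TwoInt, and how the [0] tag in Unambiguous removes it, can be reproduced by listing every way an encoded SEQUENCE maps onto the declared fields. This is an added example, not part of the original slides: the function names and sample encodings are constructed for illustration, and it assumes IMPLICIT tagging (as in the module header slide), single-byte tags and definite lengths.

```python
# Added example, not from the original slides. Assumes IMPLICIT tagging, so
# "[0] INTEGER" is encoded with tag byte 0x80 instead of the universal 0x02.
SEQUENCE, INTEGER, CTX_0 = 0x30, 0x02, 0x80

# (field name, expected tag byte); every field is OPTIONAL, as on the slides.
TWO_INT = [("val1", INTEGER), ("val2", INTEGER)]
UNAMBIGUOUS = [("val1", CTX_0), ("val2", INTEGER)]

def read_tlvs(buf):
    """Split definite-length BER/DER bytes into (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits give the count of length octets
            n = length & 0x7F
            if n == 0 or i + n > len(buf):
                raise ValueError("indefinite or truncated length")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated value")
        out.append((tag, buf[i:i + length]))
        i += length
    return out

def interpretations(schema, elements):
    """Every in-order mapping of the encoded elements onto OPTIONAL fields."""
    if not elements:
        return [{}]
    (tag, value), found = elements[0], []
    for pos, (name, expected) in enumerate(schema):
        if tag == expected:
            number = int.from_bytes(value, "big", signed=True)
            for rest in interpretations(schema[pos + 1:], elements[1:]):
                found.append({name: number, **rest})
    return found

def decode(schema, encoded):
    """Decode one SEQUENCE; more than one result means the schema is ambiguous."""
    outer = read_tlvs(encoded)
    if len(outer) != 1 or outer[0][0] != SEQUENCE:
        raise ValueError("expected a single SEQUENCE")
    return interpretations(schema, read_tlvs(outer[0][1]))

ONE_INT = bytes.fromhex("3003020105")     # constructed: SEQUENCE { INTEGER 5 }
ONE_TAGGED = bytes.fromhex("3003800105")  # constructed: SEQUENCE { [0] 5 }
```

decode(TWO_INT, ONE_INT) returns two candidate results, while the same bytes decoded against UNAMBIGUOUS return exactly one; OtherAmbiguous behaves like TwoInt whenever the transfer syntax omits the DEFAULT-valued element.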

Conclusion
ASN.1 is used in various domains including security
It is composed of:
A notation syntax
A set of standard transfer syntaxes, including XML-like
ASN.1 is an improved working environment
Allows backward compatible evolutions
Transfer syntaxes ensure systems interoperability
Many implementations available in many languages (Perl, PHP, C, C++, Java, .NET, ...)
Efficient octet-based and bit-based implementations for high performance and real-time communications